CAS-003 Practice Questions

A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm's expertise is in penetration testing corporate netw...

Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ's headquarters. Which of the following BEST prevents Company XYZ...

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective co...

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet t...

An administrator is tasked with securing several website domains on a web server. The to secure those domains with a single issued certificate?

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not bein...

A security tester is testing a website and performs the following manual query: The following response is received in the payload: "ORA-000001: SQL command not properly ended" Whic...

ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM ad...

ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are...

A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. W...

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following...

A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting web...

A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the...

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As par...

A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administ...

Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store...

Which of the following is an example of single sign-on?

Which of the following BEST describes the implications of placing an IDS device inside or outside of the corporate firewall?

Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the followi...

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function wi...

Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represe...

The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in qu...

A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus h...

In a SPML exchange, which of the following BEST describes the three primary roles?

The security administrator has just installed an active\passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is...

Which of the following types of attacks is the user attempting? select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the inves...

A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator...

A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, to...

A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of...

The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST a...

An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might...

Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommi...

The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be...

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been makin...

Given the code snippet below: Which of the following vulnerability types in the MOST concerning?

To meet a SLA, which of the following document should be drafted, defining the company's internal interdependent unit responsibilities and delivery timelines.

A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The ana...

An organization has established the following controls matrix: The following control sets have been defined by the organization and are applied in aggregate fashion: Systems contai...

A company's existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More...

A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before th...

A threat advisory alert was just emailed to the IT security staff. The alert references specific types of host operating systems that can allow an unauthorized person to access fil...

A network engineer is attempting to design-in resiliency characteristics for an enterprise network's VPN services. If the engineer wants to help ensure some resilience against zero...

An information security officer is responsible for one secure network and one office network. Recent intelligence suggests there is an opportunity for attackers to gain access to t...

A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to se...

A systems administrator recently joined an organization and has been asked to perform a security assessment of controls on the organization's file servers, which contain client dat...

Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them...

Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source record...

The legal department has required that all traffic to and from a company's cloud-based word processing and email system is logged. To meet this requirement, the Chief Information S...

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessmen...